Monday, May 28, 2012

Flame Cyberespionage discovered

slashgear.com

A new and fast-spreading piece of malware tipped to already dwarf the notorious Stuxnet has been identified, codenamed Flame and believed to be state-run cyberespionage affecting PCs in Iran and nearby countries. Spotted by Kaspersky Lab, “Worm.Win32.Flame” blends features from backdoor, trojan and worm malware, and once surreptitiously loaded onto a target machine can monitor network traffic and local use, grab screenshots and record audio, sending all that data back to its home servers. Believed to be active from at least March 2010, Flame is tipped to be 20x more prevalent than Stuxnet.

Iran is the most common place Kaspersky have discovered Flame, but it’s also been discovered in Israel, Palestine, the Sudan, Syria, Lebanon, Saudi Arabia and Egypt; there are “probably thousands of victims worldwide” the researchers estimate. Interestingly, there’s a broad spread of targeted computers, across academia, private companies, specific individuals and others; the operators appear to be cleaning up after themselves, too, only leaving Flame active on the most interesting machines, and deleting it from those with little worth.

Once loaded, Flame can be updated with new functionality in the form of add-on packages, of which around twenty have been identified so far. The exact purposes of those modules are still being investigated.

Prior to starting ComSec LLC in 2007, Mr. LeaSure was active within the counterespionage, counterterrorism and TSCM fields for 26 years. He has attained the prestigious CCISM, Certified Counterespionage Information Security Management Certification. He also has extensive training, knowledge and experience in the identification of eavesdropping devices, espionage detection methods and the intelligence collection tactics most often employed by perpetrators of electronic espionage.

J.D. LeaSure is also the Director of the Espionage Research Institute International (ERII). As Director, he is tasked with ensuring the organization is successful in its mission to provide continuing education, facilitate professional relationship building and ensure the counterespionage & counterintelligence skill sets of its membership remain current as espionage tactics and devices evolve.